Principal, Information Security Engineer (Blue Team - SOC&CERT)

Principal, Information Security Engineer (Blue Team - CERT)
Coupang Shanghai / Beijing, China

Team Description :

The Coupang Blue team is ultimately responsible for providing oversight and day-to-day leadership for all security monitoring, incident response and management, SOC and threat intelligence.

The Blue team defines and delivers a pragmatic strategy that provides the highest levels of industrially robust security operations to Coupang, for both the current and future state.

The Blue team also proactively and effectively delivers world-class threat intelligence and incident management processes and procedures.

The Blue team is also expanding and transforming into a Cyber Fusion Center, including FDS, Red Teaming and Vulnerability Management.

Key Responsibilities :

  • Conduct data breach and security incident investigations including compromise assessment
  • Assess threats and technologies affecting security vulnerabilities and recent internet threats
  • Perform malware analysis and reverse engineering
  • Defend systems against unauthorized access, modification and / or destruction
  • Liaison with other cyber threat analysis entities
  • Identify abnormalities and report violations
  • Oversee and monitor routine security administration
  • Apply expertise in both host and network analysis to ascertain the impact of an attack and develop threat trends and mitigation techniques and countermeasures that can prevent future attacks.
  • Design and conduct security audits to ensure operational security
  • Respond immediately to security incidents and provide post-incident analysis
  • Provide technical advice to colleagues

Basic Qualifications :

  • 10+ years of experience in information security with at least 5+ years in security incident response
  • Host based security investigation (Windows, Linux, Network / Security appliances)
  • Operating SIEM and CTI (Cyber Threat Intelligence) Solutions and developing use cases
  • Knowledge and experiences of EDR (Endpoint Detection and Response) system and tools such as Carbon Black, CrowdStrike, EnCase-EDR, FTK, Volatility memory forensic, etc.
  • Knowledge of application security such as Web application, Mobile app traffics, etc.
  • Ability to be flexible and work during non-business hours (to support a global team in different time zones)

Preferred Qualifications :

  • Language : Korean and English
  • Certified in one or more of the following : CISSP, CISA, CCNA, CISM, SANS GIAC
  • Working knowledge of the intelligence lifecycle and current cyber threat landscape
  • Understanding of major threats and threat actors and their relevance to the eCommerce industry
  • Knowledge of Cloud service practices and principles (e.g. AWS, Azure)
  • Proficient in one or more computer programming languages
  • Development experience in Automation and Scripting (Linux shell, Python, Perl, PowerShell)
  • Experience in developing using Log Search (ELK, Splunk), TSDB(Time series DB)
  • Knowledge of DevOps and Agile practices and principles
  • Knowledge of open security testing standards and projects, including OWASP and ATT&CK